| 摘要 |
A multilevel computer security system including a computer with multiple security subsystems for secure data storage and data communications at each security level, a smart-card reader for controlling user access to each security level, an electronically-activated switch for activating only the selected and authorized security level, and a mechanically-activated switch that detects the availability of the security level selected. The computer will automatically power-up at the first security level and activate the first security subsystem which is allocated to the processing of restricted data. Access to each level of restricted data requires a user to insert-his smart card into a smart-card reader which will verify the identity through an entered PIN or from stored biometrics data and will allow the user to access only those levels for which the user is authorized as stored in the smart card. The selection of an authorized level generates an activation signal, for a selected security level and permitted computer assets for the selected security level, from the smart-card reader to the electronically activated switch which connects power only to the security subsystem for the security level selected and removes power from all other subsystems. If the required subsystem is not available within the computer the mechanically-activated switch will sense this condition and default to the first security level. Since only one security level is ever active and the switching from one-level to another requires the computer RAM to be powered off there can be no possibility of user access to unauthorized data.
|
